From 7e1caaa2f408f3eb81482a98f12d4cdee3c2e043 Mon Sep 17 00:00:00 2001 From: Nemo Date: Fri, 2 Oct 2020 22:35:00 +0200 Subject: [PATCH] Start working on icinga2 server --- playbook_icinga2_deploy.yml | 5 ++ roles/icinga2_server/README.md | 43 +++++++++++ roles/icinga2_server/defaults/main.yml | 73 ++++++++++++++++++ roles/icinga2_server/handlers/main.yml | 12 +++ .../tasks/configure_icinga2_api_feature.yml | 38 ++++++++++ .../icinga2_server/tasks/install_icinga2.yml | 17 +++++ .../tasks/install_icingaweb2.yml | 10 +++ roles/icinga2_server/tasks/install_ido.yml | 22 ++++++ .../icinga2_server/tasks/install_mariadb.yml | 76 +++++++++++++++++++ roles/icinga2_server/tasks/main.yml | 10 +++ roles/icinga2_server/tasks/repository.yml | 14 ++++ .../templates/api-users.conf.j2 | 23 ++++++ roles/icinga2_server/templates/my.cnf.j2 | 5 ++ .../icinga2_server/templates/settings.cnf.j2 | 38 ++++++++++ roles/icinga2_server/vars/Debian.yml | 17 +++++ roles/web_as208585.net/README.md | 4 + 16 files changed, 407 insertions(+) create mode 100644 playbook_icinga2_deploy.yml create mode 100644 roles/icinga2_server/README.md create mode 100644 roles/icinga2_server/defaults/main.yml create mode 100644 roles/icinga2_server/handlers/main.yml create mode 100644 roles/icinga2_server/tasks/configure_icinga2_api_feature.yml create mode 100644 roles/icinga2_server/tasks/install_icinga2.yml create mode 100644 roles/icinga2_server/tasks/install_icingaweb2.yml create mode 100644 roles/icinga2_server/tasks/install_ido.yml create mode 100644 roles/icinga2_server/tasks/install_mariadb.yml create mode 100644 roles/icinga2_server/tasks/main.yml create mode 100644 roles/icinga2_server/tasks/repository.yml create mode 100644 roles/icinga2_server/templates/api-users.conf.j2 create mode 100644 roles/icinga2_server/templates/my.cnf.j2 create mode 100644 roles/icinga2_server/templates/settings.cnf.j2 create mode 100644 roles/icinga2_server/vars/Debian.yml 
diff --git a/playbook_icinga2_deploy.yml b/playbook_icinga2_deploy.yml
new file mode 100644
index 0000000..5b2a2f1
--- /dev/null
+++ b/playbook_icinga2_deploy.yml
@@ -0,0 +1,5 @@
+---
+- hosts: icinga2_server
+ roles:
+ - icinga2_server
+
diff --git a/roles/icinga2_server/README.md b/roles/icinga2_server/README.md
new file mode 100644
index 0000000..cec2ec1
--- /dev/null
+++ b/roles/icinga2_server/README.md
@@ -0,0 +1,43 @@
+Ansible Role: icinga2_server
+=========
+
+This role deploys as208585 webfiles on a GNU/Linux server.
+
+Requirements
+------------
+
+None.
+
+Role Variables
+--------------
+
+All variables and default values are defined in `defaults/main.yml` :
+
+ # Files location for as208585.net website
+ website_location: "/var/www/html/as208585.net"
+
+ # Web user
+ website_user: "www-data"
+ website_group: "www-data"
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+ - hosts: web_server
+ roles:
+ - icinga2_server
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+This role was created in 2020 by Nemo.
diff --git a/roles/icinga2_server/defaults/main.yml b/roles/icinga2_server/defaults/main.yml
new file mode 100644
index 0000000..d7faed3
--- /dev/null
+++ b/roles/icinga2_server/defaults/main.yml
@@ -0,0 +1,73 @@
+---
+
+icinga2_server_apt_repository: "deb http://packages.icinga.com/{{ ansible_distribution|lower }} icinga-{{ ansible_distribution_release }} main"
+icinga2_server_apt_key: "http://packages.icinga.com/icinga.key"
+
+icinga2_server_icinga2_package: icinga2
+icinga2_server_monitoring_plugins_package: monitoring-plugins
+
+icinga2_server_icinga2_service: icinga2
+
+icinga2_server_mariadb_server_package: mariadb-server
+icinga2_server_mariadb_client_package: mariadb-client
+icinga2_server_mariadb_python_package: python-mysqldb
+icinga2_server_icinga2_ido_mysql_package: icinga2-ido-mysql
+icinga2_server_icingaweb2_package: icingaweb2
+icinga2_server_icingacli_package: icingacli
+icinga2_server_apache_httpd_package: apache2
+icinga2_server_apache_httpd_service: apache2
+
+icinga2_server_user: nagios
+icinga2_server_group: nagios
+
+icinga2_server_mariadb_service: mariadb
+
+icinga2_server_mariadb_root_password: needToBeChanged
+
+icinga2_server_mariadb_bind_address: '127.0.0.1'
+icinga2_server_mariadb_performance_schema: on
+icinga2_server_mariadb_skip_name_resolve: 1
+icinga2_server_mariadb_max_connections: 100
+icinga2_server_mariadb_connect_timeout: 2
+icinga2_server_mariadb_max_allowed_packet: 10M
+icinga2_server_mariadb_innodb_buffer_pool_instances: 1
+icinga2_server_mariadb_innodb_buffer_pool_size: 100M
+icinga2_server_mariadb_innodb_log_file_size: 25M
+icinga2_server_mariadb_table_cache: 1000
+icinga2_server_mariadb_tmp_table_size: 50M
+icinga2_server_mariadb_max_heap_table_size: 50M
+icinga2_server_mariadb_query_cache_limit: 256K
+icinga2_server_mariadb_query_cache_type: 0
+icinga2_server_mariadb_query_cache_size: 0
+icinga2_server_mariadb_query_cache_min_res_unit: 2k
+icinga2_server_mariadb_join_buffer_size: 2M
+icinga2_server_mariadb_sort_buffer_size: 256K
+icinga2_server_mariadb_read_buffer_size: 128K
+icinga2_server_mariadb_read_rnd_buffer_size: 4M
+icinga2_server_mariadb_key_buffer: 500M
+icinga2_server_mariadb_slow_query_log: true
+icinga2_server_mariadb_long_query_time: 5
+icinga2_server_mariadb_log_slow_admin_statements: true
+icinga2_server_mariadb_log_queries_not_using_indexes: true
+
+icinga2_server_mariadb_databases:
+ - icinga
+ - icingaweb2
+
+icinga2_server_mariadb_users:
+ icinga_user:
+ name: "icinga_user"
+ password: "needToBeChanged"
+ priv: "icinga.*:ALL"
+ icingaweb2_user:
+ name: "icingaweb2_user"
+ password: "needToBeChanged"
+ priv: "icinga.*:ALL"
+
+icinga2_server_mariadb_icinga_schema_location: "/usr/share/icinga2-ido-mysql/schema/mysql.sql"
+
+icinga2_server_api_users:
+ - username: root
+ password: 'needToBeChanged'
+ permissions: '*'
+
diff --git a/roles/icinga2_server/handlers/main.yml b/roles/icinga2_server/handlers/main.yml
new file mode 100644
index 0000000..8861df5
--- /dev/null
+++ b/roles/icinga2_server/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+
+- name: package repository updated
+ apt:
+ update_cache: yes
+ when: ansible_os_family == 'Debian'
+
+- name: "restart icinga2"
+ service:
+ name: "{{ icinga2_server_icinga2_service }}"
+ enabled: yes
+ state: restarted
diff --git a/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml b/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml
new file mode 100644
index 0000000..e0e244e
--- /dev/null
+++ b/roles/icinga2_server/tasks/configure_icinga2_api_feature.yml
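Review bot: Every credential default in defaults/main.yml is the same string, `needToBeChanged` — the MariaDB root password, both entries of `icinga2_server_mariadb_users`, and the API user `root` with `permissions: '*'` — and nothing in the patch stops a run that leaves them in place. A host deployed without overrides therefore ends up with a password that is readable in the repository on a full-permission API account. Consider removing these defaults and failing early, for example with a first task `- assert: {that: "icinga2_server_mariadb_root_password != 'needToBeChanged'"}`, and stating in the README that the values belong in a vault. Separately, `icingaweb2_user` is granted `icinga.*:ALL` although an `icingaweb2` database is created; that looks like a copy of the entry above it and should probably be scoped to `icingaweb2.*`.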
@@ -0,0 +1,38 @@
+---
+- name: Apache HTTPD installed
+ package:
+ name: "{{ icinga2_server_apache_httpd_package }}"
+ state: present
+
+- name: Apache HTTPD started and enabled
+ service:
+ name: '{{ icinga2_server_apache_httpd_service }}'
+ enabled: true
+ state: started
+
+- name: api-users.conf file installed
+ template:
+ src: api-users.conf.j2
+ dest: /etc/icinga2/conf.d/api-users.conf
+ owner: "{{ icinga2_server_user }}"
+ group: "{{ icinga2_server_group }}"
+ mode: 0640
+ notify: restart icinga2
+ register: apiusers
+ no_log: True
+
+- name: execute icinga2 api setup command
+ command: icinga2 api setup
+ args:
+ creates: /var/lib/icinga2/ca/ca.crt
+ notify: restart icinga2
+ when: apiusers.changed
+
+- name: Icinga2 api feature enabled
+ icinga2_feature:
+ name: api
+ state: present
+ notify: restart icinga2
+
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/roles/icinga2_server/tasks/install_icinga2.yml b/roles/icinga2_server/tasks/install_icinga2.yml
new file mode 100644
index 0000000..898eb6d
--- /dev/null
+++ b/roles/icinga2_server/tasks/install_icinga2.yml
@@ -0,0 +1,17 @@
+---
+- name: Icinga2 installed
+ package:
+ name: "{{ icinga2_server_icinga2_package }}"
+ state: present
+
+- name: Monitoring-plugins installed
+ package:
+ name: "{{ icinga2_server_monitoring_plugins_package }}"
+ state: present
+
+- name: Icinga2 started and enabled
+ service:
+ name: '{{ icinga2_server_icinga2_service }}'
+ enabled: true
+ state: started
+
diff --git a/roles/icinga2_server/tasks/install_icingaweb2.yml b/roles/icinga2_server/tasks/install_icingaweb2.yml
new file mode 100644
index 0000000..4ce4306
--- /dev/null
+++ b/roles/icinga2_server/tasks/install_icingaweb2.yml
@@ -0,0 +1,10 @@
+---
+- name: Icingaweb2 installed
+ package:
+ name: "{{ icinga2_server_icingaweb2_package }}"
+ state: present
+
+- name: Icingacli installed
+ package:
+ name: "{{ icinga2_server_icingacli_package }}"
+ state: present
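Review bot: In configure_icinga2_api_feature.yml the `icinga2 api setup` task is gated on `when: apiusers.changed`, so on any run where api-users.conf is already up to date the setup is skipped even if `/var/lib/icinga2/ca/ca.crt` is missing, for example after an earlier run stopped between the two tasks. `creates:` already makes the command idempotent, so the `when:` line and the `register: apiusers` it depends on can be dropped. In the same file `mode: 0640` is a bare number; writing `mode: "0640"` avoids depending on how the YAML loader treats a leading zero, and the same applies to `mode: 0600` in install_mariadb.yml.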
diff --git a/roles/icinga2_server/tasks/install_ido.yml b/roles/icinga2_server/tasks/install_ido.yml
new file mode 100644
index 0000000..aff02d6
--- /dev/null
+++ b/roles/icinga2_server/tasks/install_ido.yml
@@ -0,0 +1,22 @@
+---
+- name: Icinga2 IDO MySQL module installed
+ package:
+ name: "{{ icinga2_server_icinga2_ido_mysql_package }}"
+ state: present
+ register: idoinstalled
+
+- name: Icinga DB schema imported
+ mysql_db:
+ state: import
+ name: icinga
+ target: "{{ icinga2_server_mariadb_icinga_schema_location }}"
+ when: idoinstalled.changed
+
+- name: Icinga2 ido-mysql feature enabled
+ icinga2_feature:
+ name: ido-mysql
+ state: present
+ notify: restart icinga2
+
+- name: Flush handlers
+ meta: flush_handlers
diff --git a/roles/icinga2_server/tasks/install_mariadb.yml b/roles/icinga2_server/tasks/install_mariadb.yml
new file mode 100644
index 0000000..8cd00a2
--- /dev/null
+++ b/roles/icinga2_server/tasks/install_mariadb.yml
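Review bot: The schema import in install_ido.yml runs only `when: idoinstalled.changed`, so a host where the package is already present but the `icinga` database is still empty (an interrupted first run, or a package installed by hand) never receives the schema. Gating on the database rather than on the package is more robust, for instance by registering the result of the `databases created` task in install_mariadb.yml and importing when that reports a change. The task name `icinga` is also hard-coded here while the database list lives in `icinga2_server_mariadb_databases`, so the two can drift apart. No task in this patch writes connection settings for the ido-mysql feature, so it is presumably enabled with whatever the package ships; worth confirming that this matches `icinga2_server_mariadb_users`.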
@@ -0,0 +1,76 @@
+---
+- name: MariaDB server installed
+ package:
+ name: "{{ icinga2_server_mariadb_server_package }}"
+ state: present
+
+- name: MariaDB client installed
+ package:
+ name: "{{ icinga2_server_mariadb_client_package }}"
+ state: present
+
+- name: MariaDB Python installed
+ package:
+ name: "{{ icinga2_server_mariadb_python_package }}"
+ state: present
+
+- name: MariaDB started and enabled
+ service:
+ name: '{{ icinga2_server_mariadb_service }}'
+ enabled: true
+ state: started
+
+- name: ~/.my.cnf configured for root user
+ template:
+ src: my.cnf.j2
+ dest: /root/.my.cnf
+ owner: root
+ group: root
+ mode: 0600
+ no_log: True
+
+- name: root password updated
+ mysql_user:
+ name: root
+ host: "{{ item }}"
+ password: "{{ icinga2_server_mariadb_root_password }}"
+ state: present
+ with_items:
+ - 127.0.0.1
+ - ::1
+ - localhost
+ no_log: True
+
+- name: test databased deleted
+ mysql_db:
+ name: test
+ state: absent
+
+- name: anonymous users deleted
+ mysql_user:
+ name: ''
+ host: "{{ item }}"
+ state: absent
+ with_items:
+ - localhost
+ - 127.0.0.1
+ - ::1
+ no_log: True
+
+- name: databases created
+ mysql_db:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - "{{ icinga2_server_mariadb_databases }}"
+
+- name: Icinga user created
+ mysql_user:
+ name: "{{ item.value.name }}"
+ password: "{{ item.value.password }}"
+ priv: "{{ item.value.priv }}"
+ state: present
+ with_dict: "{{ icinga2_server_mariadb_users }}"
+ no_log: True
+
+
diff --git a/roles/icinga2_server/tasks/main.yml b/roles/icinga2_server/tasks/main.yml
new file mode 100644
index 0000000..b0e4815
--- /dev/null
+++ b/roles/icinga2_server/tasks/main.yml
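Review bot: In install_mariadb.yml `/root/.my.cnf` is templated with `icinga2_server_mariadb_root_password` before the `root password updated` task has set that password, so the password task itself logs in with credentials the server may not accept yet. Where root authenticates over the unix socket this probably goes unnoticed, but on a server where root already has a different password (a later rotation of the variable, or a non-socket install) the run would fail at `root password updated`; worth confirming on the target release. Moving the `~/.my.cnf configured for root user` task to directly after `root password updated` gives the usual order: change the password with the old credentials, then record the new ones. The host entries `::1` in both `with_items` lists are also better written quoted, `- '::1'`, so they are unambiguously strings.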
@@ -0,0 +1,10 @@
+---
+- name: Include OS-specific variables.
+ include_vars: "{{ ansible_os_family }}.yml"
+
+#- import_tasks: repository.yml
+#- import_tasks: install_icinga2.yml
+- import_tasks: install_mariadb.yml
+#- import_tasks: install_ido.yml
+#- import_tasks: configure_icinga2_api_feature.yml
+#- import_tasks: install_icingaweb2.yml
diff --git a/roles/icinga2_server/tasks/repository.yml b/roles/icinga2_server/tasks/repository.yml
new file mode 100644
index 0000000..85a664e
--- /dev/null
+++ b/roles/icinga2_server/tasks/repository.yml
@@ -0,0 +1,14 @@
+---
+- name: Icinga apt key installed
+ apt_key:
+ url: '{{ icinga2_server_apt_key }}'
+ state: present
+ when: ansible_os_family == 'Debian'
+
+- name: Icinga APT repository configured
+ apt_repository:
+ repo: '{{ icinga2_server_apt_repository }}'
+ state: present
+ when: ansible_os_family == 'Debian'
+ notify: package repository updated
+
diff --git a/roles/icinga2_server/templates/api-users.conf.j2 b/roles/icinga2_server/templates/api-users.conf.j2
new file mode 100644
index 0000000..9dd9971
--- /dev/null
+++ b/roles/icinga2_server/templates/api-users.conf.j2
@@ -0,0 +1,23 @@
+/**
+ * {{ ansible_managed }}
+ */
+
+{% for user in icinga2_server_api_users %}
+object ApiUser "{{ user.username }}" {
+ password = "{{ user.password }}"
+{% if user.permissions is string %}
+ permissions = [ "{{ user.permissions }}" ]
+{% else %}
+ permissions = [
+{% for permission in user.permissions %}
+ {
+ permission = "{{ permission.name }}"
+{% if permission.filter is defined %}
+ filter = {{ '{{' }} {{ permission.filter }} {{ '}}' }}
+{% endif %}
+ },
+{% endfor %}
+ ]
+{% endif %}
+}
+{% endfor %}
diff --git a/roles/icinga2_server/templates/my.cnf.j2 b/roles/icinga2_server/templates/my.cnf.j2
new file mode 100644
index 0000000..19090a9
--- /dev/null
+++ b/roles/icinga2_server/templates/my.cnf.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+[client]
+user=root
+password={{ icinga2_server_mariadb_root_password }}
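Review bot: In tasks/main.yml `include_vars: "{{ ansible_os_family }}.yml"` has no fallback, and the patch adds only vars/Debian.yml, so on any other OS family the role stops at its first task with a missing-file error instead of a clear message. If Debian-only is the intent, state it up front with something like `- assert: {that: "ansible_os_family == 'Debian'", fail_msg: "icinga2_server supports Debian-family hosts only"}`. Variables loaded through `include_vars` also take precedence over inventory and group_vars, so the names duplicated between vars/Debian.yml and defaults/main.yml, including `icinga2_server_user` and `icinga2_server_group`, cannot be overridden from inventory; keeping each name in only one of the two files would make that explicit.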
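Review bot: In tasks/repository.yml the signing key is fetched by `apt_key` from `icinga2_server_apt_key`, which defaults/main.yml sets to an `http://` URL, and the repository line is `http://` as well, so the key that apt will trust for every later Icinga package arrives over an unauthenticated channel. Point the default at `https://packages.icinga.com/icinga.key` and pin the expected key with the module's `id:` parameter, e.g. `id: "<EXPECTED_KEY_FINGERPRINT>"` (placeholder, to be filled from the vendor's published fingerprint), so that a substituted key is rejected. Package signatures protect the later downloads only if this first step is trustworthy.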
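Review bot: In templates/api-users.conf.j2 the lines `object ApiUser "{{ user.username }}" {` and `password = "{{ user.password }}"` place the values unescaped inside double-quoted configuration strings, so a password containing `"` or `\` produces a file that either fails to parse or defines something other than what was intended, and the notified restart would then presumably fail. Either escape those two characters before rendering or reject them in an `assert` task ahead of the template; at minimum document the constraint with a template comment such as `{# username and password are inserted unescaped: they must not contain " or \ #}`. The `filter` value is likewise emitted verbatim as configuration code, which is acceptable only while `icinga2_server_api_users` comes from trusted inventory.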
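Review bot: In templates/my.cnf.j2 `password={{ icinga2_server_mariadb_root_password }}` is written unquoted, and in a MySQL/MariaDB option file a `#` inside an unquoted value starts a comment, so a generated password containing `#` is silently truncated and the subsequent `mysql_user` and `mysql_db` tasks fail to authenticate. Quote the value, `password="{{ icinga2_server_mariadb_root_password }}"`; the same unquoted line appears in the `[client]` section of templates/settings.cnf.j2. Passwords that themselves contain `"` or `\` would still need escaping or should be excluded by policy.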
diff --git a/roles/icinga2_server/templates/settings.cnf.j2 b/roles/icinga2_server/templates/settings.cnf.j2
new file mode 100644
index 0000000..64ea61d
--- /dev/null
+++ b/roles/icinga2_server/templates/settings.cnf.j2
@@ -0,0 +1,38 @@
+# {{ ansible_managed }}
+
+[client]
+user = root
+password = {{ icinga2_server_mariadb_root_password }}
+
+[mysqld]
+bind_address = {{ icinga2_server_mariadb_bind_address }}
+performance_schema = {{ icinga2_server_mariadb_performance_schema }}
+skip-name-resolve = {{ icinga2_server_mariadb_skip_name_resolve }}
+
+max_connections = {{ icinga2_server_mariadb_max_connections }}
+connect_timeout = {{ icinga2_server_mariadb_connect_timeout }}
+max_allowed_packet = {{ icinga2_server_mariadb_max_allowed_packet }}
+
+innodb_buffer_pool_instances = {{ icinga2_server_mariadb_innodb_buffer_pool_instances }}
+innodb_buffer_pool_size = {{ icinga2_server_mariadb_innodb_buffer_pool_size }}
+innodb_log_file_size = {{ icinga2_server_mariadb_innodb_log_file_size }}
+table_cache = {{ icinga2_server_mariadb_table_cache }}
+
+tmp_table_size = {{ icinga2_server_mariadb_tmp_table_size }}
+max_heap_table_size = {{ icinga2_server_mariadb_max_heap_table_size }}
+
+query_cache_type = {{ icinga2_server_mariadb_query_cache_type }}
+query_cache_limit = {{ icinga2_server_mariadb_query_cache_limit }}
+query_cache_size = {{ icinga2_server_mariadb_query_cache_size }}
+query_cache_min_res_unit = {{ icinga2_server_mariadb_query_cache_min_res_unit }}
+
+join_buffer_size = {{ icinga2_server_mariadb_join_buffer_size }}
+sort_buffer_size = {{ icinga2_server_mariadb_sort_buffer_size }}
+read_buffer_size = {{ icinga2_server_mariadb_read_buffer_size }}
+read_rnd_buffer_size = {{ icinga2_server_mariadb_read_rnd_buffer_size }}
+key_buffer = {{ icinga2_server_mariadb_key_buffer }}
+
+slow_query_log = {{ icinga2_server_mariadb_slow_query_log }}
+long_query_time = {{ icinga2_server_mariadb_long_query_time }}
+log_slow_admin_statements = {{ icinga2_server_mariadb_log_slow_admin_statements }}
+log_queries_not_using_indexes = {{ icinga2_server_mariadb_log_queries_not_using_indexes }}
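Review bot: templates/settings.cnf.j2 carries a `[client]` section with the root password next to the `[mysqld]` tuning options, yet no task in this patch deploys the template, so its destination, owner and mode cannot be checked here. Server option files are commonly world-readable, in which case this would hand the database root password to every local account, and /root/.my.cnf (mode 0600 in install_mariadb.yml) already holds the same credentials. Suggest deleting the three `[client]` lines from this template and, when the deploy task is added, setting `owner`, `group` and `mode` on it explicitly. `bind_address` defaulting to `127.0.0.1` is a good choice and worth keeping as the default.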
diff --git a/roles/icinga2_server/vars/Debian.yml b/roles/icinga2_server/vars/Debian.yml
new file mode 100644
index 0000000..6223902
--- /dev/null
+++ b/roles/icinga2_server/vars/Debian.yml
@@ -0,0 +1,17 @@
+---
+
+icinga2_server_icinga2_package: icinga2
+icinga2_server_monitoring_plugins_package: monitoring-plugins
+icinga2_server_icinga2_service: icinga2
+icinga2_server_mariadb_server_package: mariadb-server
+icinga2_server_mariadb_client_package: mariadb-client
+icinga2_server_mariadb_service: mariadb
+icinga2_server_mariadb_python_package: python-mysqldb
+icinga2_server_icinga2_ido_mysql_package: icinga2-ido-mysql
+icinga2_server_mariadb_icinga_schema_location: "/usr/share/icinga2-ido-mysql/schema/mysql.sql"
+icinga2_server_icingaweb2_package: icingaweb2
+icinga2_server_icingacli_package: icingacli
+icinga2_server_apache_httpd_package: apache2
+icinga2_server_apache_httpd_service: apache2
+icinga2_server_user: nagios
+icinga2_server_group: nagios
diff --git a/roles/web_as208585.net/README.md b/roles/web_as208585.net/README.md
index bb14cb4..bb19f74 100644
--- a/roles/web_as208585.net/README.md
+++ b/roles/web_as208585.net/README.md
@@ -15,6 +15,10 @@ All variables and default values are defined in `defaults/main.yml` : # Files location for as208585.net website website_location: "/var/www/html/as208585.net" + + # Web user + website_user: "www-data" + website_group: "www-data" Dependencies ------------